HOOTSUITE TRUST CENTER
We recognize that your data is one of your most valuable assets. When you use our services and entrust us with your data, we are committed to protecting it and only using it to provide the services.
Hootsuite has incorporated privacy and security practices across our organization to demonstrate our commitment to managing your data in a responsible manner. Below we have highlighted some key elements of this program.
- Our Services - You are in control of the services that you subscribe to.
- What we collect from you - We collect data that is necessary to provide the services and the content you choose to upload, download, or view when you use our services.
- Know where your data is located - Social data comes from and flows to people and organizations all over the world. However, when using our services, your data is housed in secure data centres in the United States.
- Understand who can access your data - We have implemented strong measures to protect your data from inappropriate access.
- How we protect your data - Hootsuite has implemented industry standard security safeguards to protect your data.
- Understand how long we retain your data - We retain your data for limited business and legal purposes to provide the services to you.
- Privacy Legislation - Hootsuite complies with applicable international privacy laws such as the European Union General Data Protection Regulation (GDPR).
Hootsuite offers a suite of social media management tools which brings together all of your social media accounts for easy access and management through a single online portal. Through this portal, you can manage your social media, marketing and advertising campaigns; engage your audiences; schedule and publish messages; and analyze the results of these activities to demonstrate the value of social to your team members.
When you link your social media accounts to Hootsuite, you are in control of the data that is shared with us. You can decide which social media accounts to link to your Hootsuite account and also which third-party applications to link to your account and customize your Hootsuite experience.
Where Your Data is Located
Hootsuite is a global organization headquartered in Canada. We provide services, such as sales and customer support, to you from our headquarters but also from our other global offices.
By its nature, social data can be shared with people around the globe. The social networks and third-party apps that you choose to integrate with our services, will collect, store and process your data from various locations around the world.
At Hootsuite, we host your content on Amazon Web Services’ (AWS) highly secure and reliable data centres in the United States. Information about Amazon’s compliance and security controls can be found on Amazon's website.
We also use other third-party service providers (such as card processors, and CRM systems) to help us operate our services. These third party providers may process, or store, personal information on servers around the world.
For more information regarding Hootsuite and international transfers, please review our Privacy Notice.
How We Protect Your Data
Hootsuite has dedicated Security, GRC and Privacy teams that are responsible for developing and overseeing the privacy and security policies and practices of our organization. Hootsuite continuously seeks to enhance its privacy culture and all employees undergo privacy and security training so they are aware of the importance of protecting your data.
Our security controls are independently tested and audited by an international accounting firm on an annual basis, under a SOC 2 Type II audit. We also use a layered approach to protect your data. This includes implementing industry standard encryption protocols, strong firewalls, and logging and monitoring of unauthorized intrusions of its systems. Please visit our Best Practices for more information.
How Long We Keep Your Data
Hootsuite retains your data for as long as it is necessary to provide the services and to comply with our legal obligations, resolve disputes or enforce our agreement with you. For more information please review our Privacy Notice.
Hootsuite has a dedicated privacy team who has the responsibility of ensuring that Hootsuite is managing and processing personal information in compliance with applicable law. They monitor the privacy landscape to adjust company practices to comply with privacy best practices, but also with legislation such as Canadian PIPEDA and the EU GDPR.
Hootsuite and the GDPR
As a Canadian company, Hootsuite is already subject to data protection legislation that provides for similar standards as existing European laws. For the purposes of EU data protection law, Canada is considered a country which provides adequate protections for personal information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
As a company with millions of users in Europe, Hootsuite is well aware of the need to provide its users with services and solutions that will help them meet the EU’s new data protection requirements. We appreciate that the GDPR requires our users, as data controllers, to engage data processors that deploy appropriate safeguards. We fully appreciate and recognize the importance of GDPR to our users in the delivery of our services to them.
The GDPR distinguishes between organisations that are “data controllers” and those that are “data processors”. As explained in our Privacy Notice, Hootsuite is a data processor of content generated, requested or published via its supported social networks. As such, Hootsuite only processes content in accordance with the instructions our users give us through our services. Because our users control how their content is collected and used by them, our users are, in legal terms, the data controllers of the content that they process through our platform. Hootsuite is its users’ data processor of that content.
Below is a list of materials to help you understand how the GDPR applies to Hootsuite and your use of our services.
Subprocessors of Content